>Which header line should I look at to get the IP we want to blacklist?

Here's the headers for your message through my server (ns1.caravel.bc.ca):


Return-Path: [EMAIL PROTECTED]
Received: from mail.stalker.com ([209.1.58.249] verified) by caravel.bc.ca
                                ^^^^^^^^^^^^^^^^^^^^^^^^^
(Stalker SMTP Server 1.8b8) with ESMTP id S.0000445738 for
<[EMAIL PROTECTED]>; Thu, 18 Apr 2002 11:28:28 -0800
X-ListServer: CommuniGate Pro LIST 3.5.9


The part you're looking for should be the last hop (at the top), and SIMS
makes it pretty clear, reporting in the line above, who the server
identified itself as and the IP that SIMS says it came from.

You want to blacklist the IP that SIMS verified; in this case, if I were to
blacklist "mail.stalker.com", I'd blacklist 209.1.58.249.


If the server faked their IP it might look like:

Received: from 216.254.254.254 ([209.1.58.249] verified) by caravel.bc.ca
                               ^^^^^^^^^^^^^^^^^^^^^^^^^ This is still the one to Blacklist.
(Stalker SMTP Server 1.8b8) with ESMTP id....
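
The rule described above, as an added Python example that is not part of the original message: take the bracketed peer IP from the topmost Received line, and only when your own server wrote that line. The function name, the regex and the sample message (with placeholder addresses and id) are assumptions modelled on the header format quoted above.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample modelled on the headers quoted above; the addresses,
# message id and second hop are placeholders, not real traffic.
SAMPLE = """\
Return-Path: <sender@example.invalid>
Received: from 216.254.254.254 ([209.1.58.249] verified) by caravel.bc.ca
 (Stalker SMTP Server 1.8b8) with ESMTP id S.0000000000 for
 <list@example.invalid>; Thu, 18 Apr 2002 11:28:28 -0800
Received: from forged.example.invalid ([10.9.8.7]) by relay.example.invalid
 with SMTP; Thu, 18 Apr 2002 11:20:00 -0800
Subject: test

body
"""

# Assumed layout: "from <claimed name> ([<peer ip>] ...) by <receiving host>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<claimed>\S+)\s+\(\[(?P<ip>[^\]]+)\][^)]*\)\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)

def ip_to_blacklist(raw_message, our_host):
    """Return (claimed_name, peer_ip) from the topmost Received line if our
    own server stamped it; otherwise None."""
    msg = message_from_string(raw_message)
    hops = msg.get_all("Received") or []
    if not hops:
        return None
    top = " ".join(hops[0].split())  # unfold the continuation lines
    m = RECEIVED_RE.search(top)
    if not m or m.group("by").lower() != our_host.lower():
        return None  # line was not written by our server, so do not trust it
    try:
        peer = ip_address(m.group("ip"))  # reject a malformed bracket value
    except ValueError:
        return None
    # The claimed name is sender-supplied; only the bracketed IP was observed.
    return m.group("claimed"), str(peer)

if __name__ == "__main__":
    print(ip_to_blacklist(SAMPLE, "caravel.bc.ca"))
```

Lower Received lines are ignored on purpose: they were added before the message reached your server and can be written by the sender.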

